Skill v1.0.2
ClawScan security
Crypto Payments Ecommerce · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 10:59 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only guide for self-hosted crypto payments that mostly matches its description, but its runtime instructions imply handling private keys, node endpoints, and third‑party APIs without declaring any required credentials or installation steps — a mismatch that could lead to secret exposure or regulatory risk if misused.
- Guidance: This skill is a how-to guide for running your own crypto payment processing and is plausible for that purpose, but exercise caution. Self-hosting payments requires private keys/seed phrases, RPC provider credentials, and sometimes API keys for on‑ramps — do not paste those secrets into the chat or give the agent access to them. Verify the authenticity of 'PayRam' (check the project site, code repository, and third‑party audits), prefer audited open-source implementations, keep keys in a hardware wallet or secure vault, test on testnets first, and consult legal/compliance counsel (KYC/AML) for your jurisdiction. If you plan to follow the guide, only run code you’ve reviewed locally and never share private keys or production credentials with the agent.
Review Dimensions
- Purpose & Capability
  - note: The name/description and the SKILL.md text align: this is a how-to for self-hosted crypto payments (PayRam). However, there is an inconsistency in metadata presentation (the registry shows no homepage while the SKILL.md metadata references https://payram.com). The marketing claim of “no signup, no KYC” is part of the product pitch but is a legal/compliance claim rather than a technical requirement.
- Instruction Scope
  - concern: The SKILL.md describes architecture and operational steps that require managing private keys, wallet sweeping, blockchain RPC endpoints, and integrating on‑ramp services. As an instruction-only skill it does not declare or constrain how those secrets/credentials are handled. That scope increases the risk that an agent or user might be instructed to paste private keys or other sensitive data into the chat or to perform unsafe operations. The document also references third‑party on‑ramps (MoonPay, Ramp, Transak) — expected — but the guide does not appear to include safeguarding steps for secrets or explicit admonitions against sharing keys with the agent.
- Install Mechanism
  - ok: No install spec and no code files — the skill is instruction-only. This reduces the immediate risk from arbitrary code download or execution, since nothing is installed by the skill itself.
- Credentials
  - concern: The skill declares no required environment variables or credentials, yet its instructions necessarily require secrets in real deployments (wallet private keys/seed phrases, RPC provider credentials, API keys for on‑ramps or custodial services). The absence of any declared env vars or guidance for secure secret handling is a mismatch that could lead users to inadvertently expose sensitive credentials.
- Persistence & Privilege
  - ok: `always: false` and default invocation settings — no elevated or persistent privileges are requested. There is no indication the skill attempts to modify other skills or system-level agent configuration.
